Advanced Network Malware Detection

Lower False Negatives

While machine learning security products are still in their infancy, signature-based IDS/IPS & antivirus solutions are becoming increasingly ineffective.

For example, we measure that an antivirus solution misses known malware from 50% to 80% of the time with respect to all its rivals combined. Things get even worse if we also count unknown malware that can only be detected through a sandbox.

Signature-based detection systems cannot detect and prevent today's leading causes of cyber security incidents. Unpredictable user behavior, bad passwords and social engineering attacks can only be detected using behavioral analysis.

Traditional cyber-security defenses are myopic and asymmetric; the attackers collaborate globally while the security vendors struggle independently. MetaFlows SaaS technology disrupts this trend by leveraging the most diverse set of threat indicators available today and implicitly sharing incident report data between our customers.

For example, our Network Antivirus system not only uses more than fifty five (55+) antivirus solutions at once, but also uses a mix of proprietary, commercial and collaborative feeds to analyze the behavior of the content as it is executed/opened to determine whether it is well behaved.

Furthermore, when you deploy our technology, your enterprise becomes an integral part of our cloud-based correlation system.
Each deployment becomes both a consumer of 300,000 threat indicators from the Internet community and a producer of threat data contained in the incident reports generated.
By anonymously sharing threat intelligence from multiple enterprises we can extract dangerous communication patterns that are strong predictors of a potential compromise. This information is then fed back to each customer in the form of dynamic IPS block rules.

Relative Antivirus Effectiveness

The relative detection rate of endpoint antivirus solutions ranges from 10% to 50% (the average is 20%). The table above shows the best 15 antivirus detection rates for the week 02/05/2019-02/12/2019 and the severity of the malware they detected. Hover over the bars to see the detection rate.

Evolve Your Network Security

Lower False Positives

Threat indicators provide noisy data NOT a source of information. We extract information while removing false positives by recognizing specific patterns of diverse classes of threat indicators affecting individual endpoints over time. Our patented technology, automatically generates incident reports (security information) correlating multiple inter-dependent events. Rather than only providing isolated single-session events, incident reports give you the big picture with links to the underlying event data that matters as well as the complete packet capture of the incident.

Traditional Network IDS software generates alerts by finding known threat patterns within a single TCP/UDP session. This usually results in a very high false positive rate. Important events are often missed due to the huge volume of false positive or low-priority network security events.

MetaFlows uses Multi-Session Correlation. Multi-session correlation is an evolution of dialog-based correlation first introduced by a revolutionary malware detection tool called BotHunter.

Other Unique Features

Advanced Forensics

MetaFlows' network malware detection software provides indexed packet logging to easily reconstruct what happened in your network past.
The time horizon is directly proportional to the storage to bandwidth ratio and can range from a few hours to a few weeks depending on the setup. The time horizon can be adjusted by sizing the storage capacity while leveraging our proprietary packet indexing technology to scale your forensic capabilities to a whole new level.
More

Block Threats Without Impacting Reliability

Soft IPS is ground-breaking software-based Intrusion Prevention technology that shuts down threats with zero impact on performance and reliability. It uses powerful active response technology to block unwanted traffic (bots, spyware, P2P, etc.) and actively learns which flows need to be blocked by extracting invariants from your communication patterns.
More

Inline IPS

Soft IPS

Blocks TCP

Blocks UDP and ICMP

Partial

Software Failure

All Traffic Stops

All Traffic Through

Hardware Failure

All Traffic Stops

All Traffic Through

Power Loss

Depends on Device

All Traffic Through

Performance Impact

~200 µs latency

None

Passive SSL/TLS Interception

Passive SSL/TLS interception does not require a proxy, it is more reliable and more secure. Also the cost of passive SSL/TLS interception is significantly lower than traditional techniques because it does not require an inline device to continuously perform cryptographic operations in real time to first decrypt and then encrypt all traffic to inspect.
More

Proxy SSL/TLS Interception

Passive SSL>TLS Interception

No Security Impact

Requires Key Management

System Failure/misconfiguration

All SSL traffic stops

SSL inspection stops

No Performance Impact

Noticeable

End-to-end Transparency

Ciphers are implicitly re-negotiated

Endpoint supported

All

Partial

Deploy Anywhere

Our software was designed as an open system and can therefore be easily customized and integrated into any existing infrastructure.
It can be installed in minutes on Linux CentOS or RedHat, VMware (Server/Player or ESX4), Amazon EC2 or Microsoft Azure supporting a variety of storage and monitoring configurations. We also provide cost-effective malware detection appliances optimally designed to scale from 50 Mbps to 10 Gbps.
More